Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Response to comments on Security and Obscurity

From: Valdis.Kletnieks () vt edu
Date: Thu, 02 Sep 2004 10:38:48 -0400
On Wed, 01 Sep 2004 15:03:03 EDT, "Clairmont, Jan M" said:


The Clairmont-Everhardt Index of potential Security vulnerability being equal 
to the (Number of Computers)! * (Number of People using the systems)! * (Number of Ports)!
* (the Lines of Code)! * (The number of Applications)! * (Number of Routers/Hubs)! 
and any other factors you wish to include.


Given the "any other factors" clause, I won't ask what mathematically rigorous
reason there is to suspect that the factorial function is the proper one to use. :)

For starters, although our network has well over 2,000 routers/switches/access points,
the number that are directly impacting the security of the computer I'm typing on
is down in the several dozen range.  Similarly, one could make the case that it
should be "(number of computers)" and "(*AVERAGE* number of people per system)"
or a product of "number of users" times "number of systems each user has access to".

And so on....

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: